BD CISO talks cybersecurity best practices, previews HIMSS21

Rob Suárez of Becton, Dickinson and Company discusses the company's HIMSS21 cybersecurity messages, BD's Cybersecurity Trust Center and more.
By Bill Siwicki
11:15 AM

BD Chief Information Security Officer Rob Suárez (Photo: BD)

Becton, Dickinson and Company, better known as BD, is one of the largest global medical technology companies and works to advance the world of health by improving medical discovery, diagnostics and the delivery of care.

BD will have a major presence at the upcoming HIMSS21 Conference and Exhibition, August 9-13 in Las Vegas, in booths 6326 and VHQ7000. Some of the main technologies and subjects it will be covering this year include cybersecurity, connected medication management and analytics.

Perhaps the biggest and timeliest of these subjects is cybersecurity. BD Chief Information Security Officer Rob Suárez will be at HIMSS21. He'll be presenting the educational session "Strategies for Partnering with Medical Device Manufacturers to Strengthen Cybersecurity," on Wednesday, August 11, at 4 p.m. in BD Booth 6326. He will be moderating a panel discussion about healthcare cybersecurity with several BD healthcare organization clients.

Healthcare IT News sat down with Suárez for a preview of BD's cybersecurity messages and tools at HIMSS21. He went in depth on the company's HIMSS21 cybersecurity messages, BD's Cybersecurity Trust Center, and the company's commitment to transparency and collaboration with its healthcare organization clients.

Q. What are a couple of the major messages you will be delivering at HIMSS21 about cybersecurity?

A. Cybersecurity is top of mind in healthcare. Ransomware attacks are making headlines, and new cybersecurity threats emerge daily. Some are aimed at disrupting the production and supply chain of medical technology, while other threats can cause breaches or compromise patient data, or even disrupt clinical workflows and the delivery of care.

At BD, we believe there is a patient at the end of everything we do. We're not just protecting IT systems and data. We're also protecting patient privacy and patient safety.

We integrate cybersecurity into each phase of our product lifecycle, and we also know that every patient environment is unique. That means there's no one-size-fits-all approach, so we work closely with customers to understand their workflows and potential cybersecurity vulnerabilities. Transparency and trust are essential for that collaboration to be effective.

This is a topic we'll be discussing in depth during the panel discussion with customers August 11th in booth 6326. In addition to the role of trust, we'll talk about managing legacy environments, how prioritizing cybersecurity can be a business enabler and best practices for preparing for, preventing and responding to ransomware attacks.

Q. The company recently launched the BD Cybersecurity Trust Center, and you will be featuring it at HIMSS21. Please explain what the center is and why it can be important to healthcare CISOs and CIOs.

A. BD is committed to advancing the world of health and providing innovative, safe and secure products for our customers and patients. We also recognize that access to timely, actionable information is an important component of trust and transparency.

In 2020, we launched the BD Cybersecurity Trust Center website, where current and prospective customers can access product security bulletins and patches, request product security white papers, and learn more about our coordinated vulnerability disclosure process. Through the site, customers, security researchers, third-party component vendors and other external groups also can report a vulnerability or a cybersecurity concern related to a BD software-enabled device.

In addition, we recognize the value independent cybersecurity attestations provide to CISOs and CIOs in healthcare. Each year, a range of external third parties independently assess BD products and internal cybersecurity controls.

To demonstrate our commitment to product security and the protection of customer data, we share these industry-recognized certifications and attestation reports through the BD Cybersecurity Trust Center. These include Underwriters Laboratories Cybersecurity Assurance Program (UL CAP) certifications and SOC2+ reports for a variety of software-enabled products.

As the single source of BD cybersecurity content, the site also offers resources like our inaugural cybersecurity annual report, which provides stakeholders with an overview of BD cybersecurity practices, our engagement with cybersecurity working groups in healthcare, and anticipated cybersecurity trends for the year ahead.

The 2020 BD Cybersecurity Report can be downloaded directly from the site's "Helpful Resources" page. In addition, the site provides multiple product security templates customers and fellow medical device manufacturers can use to improve their own cybersecurity processes.

Q. In the realm of cybersecurity, BD says it has a commitment to transparency and collaboration with its healthcare organization clients. What does this mean exactly, and why is it important?

A. Healthcare providers can't protect their systems and their patients from cybersecurity threats they don't know about. That's why we believe transparency and collaboration are so essential.

BD has established a routine practice of seeking, communicating and addressing cybersecurity issues in a timely fashion. When a potential vulnerability is reported to BD, we partner with the issue reporter to investigate and confirm the vulnerability.

If confirmed, we publish a product security bulletin to the BD Cybersecurity Trust Center. We share this information even when a potential vulnerability exists in third-party software.

For maximum awareness, BD voluntarily reports vulnerabilities to the U.S. Food & Drug Administration (FDA) and information-sharing analysis organizations (ISAOs) where BD participates, including the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Health Information Sharing and Analysis Center (H-ISAC).

Additionally, BD follows the FDA's Postmarket Management of Cybersecurity in Medical Devices guidance to properly communicate vulnerabilities to BD customers.

These processes enable customers to manage risk properly through awareness and guidance.

Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.
